Technical data
Configuring Multizone FWLB
May 31, 2012 © 2012 Brocade Communications Systems, Inc. 6 - 3
Figure 6.1 Basic multi-zone FWLB configuration
To configure ServerIrons for basic multi-zone FWLB, performs the following tasks:
• Configure global system parameters. These parameters include the ServerIron IP address and default
gateway. You also need to globally disable the Spanning Tree Protocol (STP). Disabling STP is required for
this configuration.
• Configure global FWLB parameters:
• Globally enable FWLB.
• Identify the port connected to the router.
• Configure firewall parameters:
• Define the firewalls and add them to the firewall group. Each firewall consists of a name and the IP
address of its interface with the ServerIron.
• Configure a standard ACL for each zone the ServerIron is not a member of, except zone 1. The ACLs
identify the IP addresses or address ranges in the other zones. If you leave zone 1 undefined, all IP
addresses that are not in this ServerIron’s own sub-net and are not members of zones configured on the
ServerIron, are assumed to be members of zone 1.
If the ServerIron is a member of zone 1, configure a standard ACL for all but one of the other zones. In this
example, configure an ACL for the DMZ zone (zone 2). The ServerIron will forward traffic that is not
addressed to its own sub-net (zone 1) and not addressed to zone 2, to the other zone (zone 3) automatically.
• Configure firewall group parameters:
• Configure the zones. Each zone definition consists of a number, an optional name, and the ACL that
specifies the IP addresses in the zone.
Internet
Note: When undefined,
Zone 1 contains all
addresses not in the other
zones.
Zone 1
Zone 2
Zone 3
WAN Router
DMZ Router
Internal Router
Port 5
Port 16
Port 1
Port 5
Port 16
Port 1
Port 5
Port 16
Port 1
209.157.24.250/24
209.157.24.1/24
209.157.25.1/24
209.157.23.1/24 209.157.25.254/24
209.157.24.254/24
209.157.23.254/24
209.157.24.13/24
209.157.25.15/24 209.157.23.15/24
209.157.25.200/24 209.157.23.15/24
SI-1
SI-3SI-2
FW1 FW2
Zone 2 = 209.157.25.0./24 - 209.157.25.255/24 Zone 2 = 209.157.23.0./24 - 209.157.23.255/24